Jira supports two types of authentication: Basic Auth (in other words, user:password, or the same string base64-encoded) and OAuth (more complex to implement, but without “passwords”). There is a third option, cookie-based auth (but it’s deprecated), and a new OAuth2 version is currently in development.

Here we want to explain the pros and cons of these auth methods.

Basic Auth:

  • Very simple to implement
  • Faster calls
  • Less code to do a simple call
  • The USER AND PASSWORD are sent in the call and can be sniffed and decoded!

OAuth:

  • Cryptography! Each message is signed
  • Complex to implement (at the initial stage of the development)
  • Not proof against the JANUS attack!
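
The difference between the two lists above, as an added example (not code from the original post): a small audit helper that inspects the `Authorization` header of a request and reports whether the password itself travels in it. The host, user names, token values and field names in the result are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit

# Constructed sample requests: host, credentials and token values are made up.
URL = "jira.example.com/rest/api/2/issue/DEMO-1"
SAMPLES = [
    {"url": "http://" + URL,
     "authorization": "Basic " + base64.b64encode(b"alice:s3cret").decode()},
    {"url": "https://" + URL,
     "authorization": "Basic " + base64.b64encode(b"bob:pa:ss").decode()},
    {"url": "https://" + URL,
     "authorization": 'OAuth oauth_consumer_key="demo", oauth_token="tok", '
                      'oauth_signature_method="RSA-SHA1", oauth_nonce="n1", '
                      'oauth_timestamp="1700000000", oauth_signature="c2ln"'},
]

def parse_oauth_params(value):
    """Split the comma-separated key="value" pairs of an OAuth header."""
    params = {}
    for part in value.split(","):
        key, _, val = part.strip().partition("=")
        params[key] = val.strip('"')
    return params

def audit_request(req):
    """Report what the Authorization header exposes; never returns the secret."""
    scheme, _, value = req["authorization"].partition(" ")
    scheme = scheme.lower()
    tls = urlsplit(req["url"]).scheme == "https"
    result = {"scheme": scheme, "tls": tls, "user": None, "signed": False,
              "password_in_request": False, "readable_on_wire": False}
    if scheme == "basic":
        try:
            # base64 is an encoding: no key is needed to reverse it.
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:  # invalid base64 or invalid UTF-8
            result["scheme"] = "malformed"
            return result
        # Only the first colon separates the user from the password.
        user, sep, _password = decoded.partition(":")
        result["user"] = user
        result["password_in_request"] = bool(sep)
    elif scheme == "oauth":
        # The header carries a signature, nonce and timestamp, not a password.
        result["signed"] = "oauth_signature" in parse_oauth_params(value)
    # A network observer can read the password if it is present and TLS is off.
    result["readable_on_wire"] = result["password_in_request"] and not tls
    return result

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_request(sample))
```
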

Future OAuth2:

  • Non-web clients!
  • Easy to implement

By MrAddon
